Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hannahccx
New Contributor

CVE-2022-30190 Follina

Hi Team, does the fortimail have deep content filtering within the attachments it scans to filter and quarantine word docs that may be looking to exploit CVE-2022-30190?

If so, are there already signatures/profiles that can be applied? FortiMail #follina

4 REPLIES 4
AEK
Contributor II

I don't have precise response on this precise CVE, but basically you have these two scenarios:

  1.  Doc file has a known malware exploiting vulnerability CVE-XXXX-XXXXX, and this known malware has a known signature -> Then FML can block it with AV policy
  2. Doc file has an unknown malware or malware of advanced threat category (e.g. Zero day, metamorphic, ...) -> Then FML is not able to detect it by its own, and you need a SandBoxing appliance instead

Hope it helps

 

hannahccx
New Contributor

Thank you for the reply.

In regards to scenario 1:

a) is there an ability to do custom signatures?
b) if not, how can I see if fortimail has already developed a signature for a particular CVE?

AEK
Contributor II

Hello

a> I don't know a way to add a customer signature on FML

b> The only way I know is to test it, i.e.: Send an infected doc and see if FML catches it.

Another method is possible: You can just open a ticket. I already did it to ask for a certain vulnerability and they replied.

TyraFulcher
New Contributor

Ok, thanks. I will open ticket. But not right now, I will do it later because I want to write an essay assignment and I already found https://writinguniverse.com/knowledge-base/ website online through which I am gonna take help to complete my essay assignment.